remcos | 2a05bad28ef313e93f754ea77c098ba005b672cb3880bdbe27c131d2d5a23738[.]exe | Triage

Sharing

General

Target

2a05bad28ef313e93f754ea77c098ba005b672cb3880bdbe27c131d2d5a23738.exe
Size

29KB
MD5

ea0efe9589feb0cadcb940d7a131f375
SHA1

c0a8f65a22b1df987e5708adca4be24e9a31e3d2
SHA256

2a05bad28ef313e93f754ea77c098ba005b672cb3880bdbe27c131d2d5a23738
SHA512

8fc755edc9c09e60673247600ace56a963a8e4fb5c38ae1a5f058ee06e47dee7e633fbb1b35841fda7f6f40e91d59056f42cf0fc8e7388c62f1b234a49056a59
SSDEEP

768:dl9fpYdyqbSgZnxF2b7jfHoxjjwoAxdqUSak:P9aEknxKjfHQjMRxdZk

Score

10^/10

upx remcos

Malware Config

Signatures

Remcos family
remcos

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2a05bad28ef313e93f754ea77c098ba005b672cb3880bdbe27c131d2d5a23738.exe
unpack001/out.upx

Files

2a05bad28ef313e93f754ea77c098ba005b672cb3880bdbe27c131d2d5a23738.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ